Super-Malware has become intense, more common

You already know about malware and you’ve learned not to click stupid links, but your company is vulnerable in more ways than just simple viruses sent over emails, with threats coming from new and increasingly intelligent sources.

To help us better navigate these vulnerabilities for every company (even a one person operation), we tapped the wisdom of Maddie Grant, who outlines below the rise of the Super-Malware:

Threats outpace the rise of awareness

Over the last few years the volume and intensity of malicious web security attacks has grown dramatically, thanks mainly to greater access to high-powered distributed systems and automation; and exploit kits that make execution and distribution simpler for cybercriminals. The strength of attacks is daunting and though the internet community is growing more aware of general risks, the threats seem to outpace it. 2013 is dubbed the year of the mega breach, where we witnessed 253 major breaches that exposed 552 Million identities including credit card data, addresses, passwords and other personal information. This was a 62% increase over 2012 (according to Symantec).

Website vulnerability has been a very attractive starting point for cybercriminals to inject and launch their attacks. Symantec’s state of web security report reveals that 77% of the websites they researched had exploitable vulnerabilities and 1-in-8 was critical. With unchecked access to websites, cyber-criminals are left to roam free executing zero-day exploits that covertly infiltrate to not only steal data but also cripple legitimate networks.

The battle to protect your website and guarantee availability for your clients and other site visitors is a critical area of focus for your company. Depending on the reach and scope of your business and the number of clients being served, a data breach can easily cost you upwards of $5.4 Million. Thankfully, it costs significantly less to protect your web assets.

The Types of Attacks & Risk to your Business

Protecting your website and networks requires input and insight for all aspects of the services you’re providing both to clients and internally. If you’re primarily delivering a service online via a software-as-a-service model, you may be inclined to focus solely on making your web application secure at the code level; ignoring the establishment of internal network usage policies and other types of gateway level protection that will help mitigate denial of service attacks, for example.

Complete security requires an approach that not includes your developers, but IT staff, your web host and other security service providers and resources serving the application, network and human layers.

Some of the most common application layer threats are typically directed towards compromising private user data for the sake of financial gain. Through the injection of code to pull data and trick users into sharing private information cybercriminals gain access.

Examples of the most attacks include:

Cross-Site Scripting (XSS)

Injection Flaws

Malicious File Execution

Insecure Direct Object Reference

Cross Site Request Forgery (CSRF)

Broken Authentication and Session Management

Insecure Cryptographic Storage

Insecure Communications

Failure to Restrict URL Access

While other attacks like distributed denial of service attacks (DDos) are designed to completely cripple your business’ ability to serve clients and access critical network assets. These are simply meant to hemorrhage and take your business down causing unimaginable and sometimes irreparable damage.

For these types of attacks, you certainly cannot rely on your web server host for protection. And investing in the physical infrastructure and staff to manage, implement and monitor mitigation appliances and services will definitely put a dent in your cashflow.

DDos Could be the Greatest Threat

DDos works by overloading and flooding network servers with data packets and requests to the extent where the server is unable to respond; therefore, taking down the network. DDos attacks have grown more sophisticated with packet floods growing larger, maxing out at around 100 Gbps. In a six-month campaign against U.S. banks, for which a group of alleged Muslim hacktivists claimed credit, the volume of attack traffic regularly surpassed 30 Gbps – throughput rarely seen a decade ago. The 1st quarter of 2014 saw a 240% increase in botnet activity.

Attackers also have targeted other parts of the network infrastructure. Corporate domain name service servers are a common target, and in this case, customers can no longer access a company’s service. Under these attacks, the number of data center capacity a company has is irrelevant as the requests will never reach the data center. Network availability is a critical focal point for ensure business uptime and deliverability.

These attacks have evolved far beyond the capabilities of the typical in-house network security appliance that will inevitably face an overwhelmed network. The safest and most effective approach is through a hybrid approach from a security company which offers web application firewalls, CDNs, real-time monitoring and high-class network security appliances to detect and block unwanted traffic in the earliest possible instance.

You’re Not Alone in the Fight & Where to Start

Security companies offering a security-as-a-service model mean that your business is saved from investing in staff and infrastructure to acquire a world-class security system. For instance, the load balancing and failover service offered by Incapsula, is very affordable, starting from $19 per month. Incapsula offers an enterprise-grade cloud-based solution supporting all in-datacenter and cross-datacenter scenarios ensuring high availability and protecting against the most powerful DDos attacks, offers instant propagation and distribution algorithms that will guarantee routing to healthy servers.

First-class infrastructure coupled with real-time monitoring capabilities mean that you and Incapsula’s team are accountable for the health of all your network assets. This is very valuable in the case of zero-day attacks that do not have known fixes, giving you the resources and data to act quickly to prevent loss.

Making the decision to migrate the management and protection of your network assets to a security-as-a-service solution, may be the best investment you could make for ensuring reliable disaster recovery and threat mitigation. It’s a sure-fire way to keep your business on the cutting edge of web security as cybercriminals become more covert and powerful.

The American Genius (AG) is news, insights, tools, and inspiration for business owners and professionals. AG condenses information on technology, business, social media, startups, economics and more, so you don’t have to.

Snap a business card pic, Microsoft app finds ’em on LinkedIn

Have you ever been watching some sort of action-adventure movie where there’s a command center with all sorts of unbelievable technology that kind of blows your mind? Well, every day we come closer and closer to living within that command center.

You may think that I’m talkin’ crazy, but check this out – there is a new technology that can scan a business card, and find the business card’s owner on LinkedIn. (Can I get a “say what????!”)

This app is courtesy of Microsoft and goes by the name Pix (it’s not new, but this function is).

The way it works is simple: Bill Jones hands you his business card, you fire up the Pix app (currently only on the iPhone. Sorry, Droids), you snap a picture of the card and the app takes the details (phone number, company, etc.) and finds Bill on LinkedIn. Bingo.

It also will automatically take that information and will create a new profile for Bill Jones within your phone’s contacts. After you scan the business card through Pix, Microsoft will ask if you want to take action.

At this point, Pix will recognize and capture phone numbers, email addresses, and URLs. If your phone is logged into LinkedIn, the apps will work together to find Bill’s profile. Part of me wants to think that this is kind of creepy but a larger part of me thinks that it’s really cool.

According to Microsoft Research’s Principal Program Manager, Josh Weisberg, “Pix is powered by AI to streamline and enhance the experience of taking a picture with a series of intelligent actions: recognizing the subject of a photo, inferring users’ intent and capturing the best quality picture.”

“It’s the combination of both understanding and intelligently acting on a users’ intent that sets Pix apart. Today’s update works with LinkedIn to add yet another intelligent dimension to Pix’s capabilities.”

Pix itself originally launched in 2016 as a way to compete against AI’s ability to edit a photo by use of exposure, focus, and color. This new integration in working with LinkedIn is a time saver, and is beneficial for those who collect business cards like candy and forget to actually do something with them.

Walmart and the blockchain, sitting in a tree

Following the trend of adding “smart” as a prefix to any word to make it futuristic, Walmart now proposes “smart packages.” The retail giant filed for a new patent to improve their shipping and package tracking process using blockchain.

Last week, the U.S. Patent and Trademark Office (USPTO) released the application, which was filed back in August 2017.

Officially, the application notes the smart package will have “a body portion having an inner volume” and “a door coupled to the body portion” that can be open or closed to restrict or allow access to the package contents.

In other words, they’ve patented a box with a door on it that also has lots of monitoring devices.

Various iterations lay claim to all versions of said box include smart packaging utilizing a combination of monitoring devices, modular adapters, autonomous delivery vehicles, and blockchain.

Monitoring devices would regulate location tracking, inner content removal, and environmental conditions of the package like temperature and humidity. This could help reduce loss of products sensitive to environmental changes, like fresh produce.

Modular adapters perform these actions as well, and also ensure the package has access to a power source and the delivery vehicle’s security system to prevent theft.

Blockchain comes into play with a delivery encryption system, monitoring, authenticating, and registering packages. As it moves through the supply chain, packages will be registered throughout the process.

The blockchain would be hashed with private key addresses of sellers, couriers, and buyers to track the chain of custody. Every step of the shipping process would be documented, providing greater accountability and easier record keeping.

This isn’t Walmart’s first foray into the world of blockchain. Last year they teamed up with Nestle, Kroger, and other food companies in a partnership with IBM to improve food traceability with blockchain.

Walmart also took part in a similar food tracking program in China with JD.com last year as well.

And let’s not forget Walmart’s May 2017 USPTO application to use blockchain tech for package delivery via unmanned drones. Their more recent application builds on the drone idea, which also proposed tracking packages with blockchain and monitoring product conditions during delivery.

In their latest application, Walmart notes, “online customers many times seek to purchase items that may require a controlled environment and further seek to have greater security in the shipping packaging that the items are shipped in.”

Implementing blockchain and smart package monitoring as part of the shipping process could greatly reduce product loss and improve shipment tracking.

Experts warn of actual AI risks – we’re about to live in a sci fi movie

Long before artificial intelligence (AI) was even a real thing, science fiction novels and films have warned us about the potentially catastrophic dangers of giving machines too much power.

Now that AI actually exists, and in fact, is fairly widespread, it may be time to consider some of the potential drawbacks and dangers of the technology, before we find ourselves in a nightmarish dystopia the likes of which we’ve only begun to imagine.

The report was written by 26 experts over the course of a two-day workshop held in the UK last month. The authors broke down the potential negative uses of artificial intelligence into three categories – physical, digital, or political.

In the digital category are listed all of the ways that hackers and other criminals can use these advancements to hack, phish, and steal information more quickly and easily. AI can be used to create fake emails and websites for stealing information, or to scan software for potential vulnerabilities much more quickly and efficiently than a human can. AI systems can even be developed specifically to fool other AI systems.

Physical uses included AI-enhanced weapons to automate military and/or terrorist attacks. Commercial drones can be fitted with artificial intelligence programs, and automated vehicles can be hacked for use as weapons. The report also warns of remote attacks, since AI weapons can be controlled from afar, and, most alarmingly, “robot swarms” – which are, horrifyingly, exactly what they sound like.

Lastly, the report warned that artificial intelligence could be used by governments and other special interest entities to influence politics and generate propaganda.

AI systems are getting creepily good at generating faked images and videos – a skill that would make it all too easy to create propaganda from scratch. Furthermore, AI can be used to find the most important and vulnerable targets for such propaganda – a potential practice the report calls “personalized persuasion.” The technology can also be used to squash dissenting opinions by scanning the internet and removing them.

The overall message of the report is that developments in this technology are “dual use” — meaning that AI can be created that is either helpful to humans, or harmful, depending on the intentions of the people programming it.

That means that for every positive advancement in AI, there could be a villain developing a malicious use of the technology. Experts are already working on solutions, but they won’t know exactly what problems they’ll have to combat until those problems appear.

The report concludes that all of these evil-minded uses for these technologies could easily be achieved within the next five years. Buckle up.